On 20-11-2015 17:57, Jayesh Badwaik wrote:
> On Friday, November 20, 2015 05:46:18 PM Mauro Santos wrote:
>> Not really, BIOS is old and it doesn't know anything about OPAL drives. I don't know about UEFI machines but I suspect not many know about SEDs/OPAL either.
>
> By BIOS, I meant UEFI, sorry about that. My UEFI is from 2013 (Dell Latitude) and it knows enough about SEDs. I use SSDs and I use Hardware Based Encryption with it (Samsung 850 Evo).
>
>> On the other hand, you don't know what kind of treatment the BIOS would do to the password before sending it to the SED: one BIOS could send it plaintext, others could send key scancodes; you don't want to get anywhere near that kind of nonsense. This would mean that you might not be able to unlock the disk if you move it to another machine.
>
> That is something I have never paid any attention to. But I can set a password through Linux's hdparm utility, and then you can unlock it from the BIOS and vice-versa. So, I think that makes it standard enough, but not sure.

This is starting to get off-topic but here goes: if you say you can lock your SSD with hdparm and unlock it with the UEFI firmware, then what you are using is a plain old ATA security password, which in the case of Samsung they claim will encrypt the media encryption key (MEK). This method of providing a password to protect the MEK is not standard and I guess they do it as a convenience for the user. What I've been talking about from the start is SEDs that support TCG Opal[1].

[1] https://en.wikipedia.org/wiki/Opal_Storage_Specification

--
Mauro Santos
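
An added example, not part of the original messages: when a password set with hdparm can be used from the firmware, the drive's ATA Security feature set reports "enabled", and that state can be read from the Security section of `hdparm -I` output. The function names and the sample text below are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the ATA Security flags found in `hdparm -I` text.
# Reads the text on stdin and prints one line:
#   supported=<yes|no> enabled=<yes|no> locked=<yes|no> frozen=<yes|no>
# Typical use (as root): hdparm -I /dev/sdX | ata_security_state
ata_security_state() {
    awk '
        BEGIN { sup = en = lk = fr = "no"; insec = 0 }
        # The section starts at a non-indented "Security:" line ...
        /^Security:/ { insec = 1; next }
        # ... and ends at the next non-indented line.
        insec && /^[^ \t]/ { insec = 0 }
        insec {
            # Flags are printed as "<flag>" or "not <flag>".
            neg  = ($1 == "not")
            word = neg ? $2 : $1
            val  = neg ? "no" : "yes"
            # Exact match, so "supported: enhanced erase" is ignored.
            if (word == "supported") sup = val
            if (word == "enabled")   en  = val
            if (word == "locked")    lk  = val
            if (word == "frozen")    fr  = val
        }
        END {
            printf "supported=%s enabled=%s locked=%s frozen=%s\n", sup, en, lk, fr
        }
    '
}

# Constructed sample (not captured from a real drive): an ATA security
# password is set and the drive has not been unlocked yet.
sample_locked() {
    printf 'Security: \n'
    printf '\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n'
    printf '\t\tenabled\n'
    printf '\t\tlocked\n'
    printf '\tnot\tfrozen\n'
    printf '\tnot\texpired: security count\n'
    printf '\t\tsupported: enhanced erase\n'
    printf 'Checksum: correct\n'
}

sample_locked | ata_security_state
```

This only covers the ATA security password; whether a drive is being managed through TCG Opal is not visible in these flags.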